Windows Authentication from a different domain RRS feed

  • Question

  • I have a Website running in our domain which has Windows Authentication enabled. I want this website open to public via Azure and still authenticate users based on their Windows credentials.

    I am considering 2 options.

    1. Host the Website on Azure and follow AD FS techniques to achieve Windows Authentication

    2. Do not host the Website on Azure, but map (or domain alias)  to a server (which has the Website) in our domain which is open to public. 

    I need your advice on this guys. Which is better? Can I achieve Windows Authentication if I go with option 2. How would option 1 be implemented?

    Thanks much in advance

    Tuesday, March 13, 2012 8:48 AM


  • Hi prudhvi,

    I would go for a third option. Have the application run in Azure and use the Windows Azure AppFabric Access Control Service (ACS) to externalize the authentication part. That way, your application doesn't need to know where the authenticated users come from (Windows Live, GMail, ADFS, ...).

    There are plenty of resources and examples on how you can integrated ACS with ADFS (and other identity providers) with your Azure application:

    If you go for option 2, you'll just go back to the 'prehistoric' setup where you have the server in your domain. Because this means you'll need to provide for the licenses, the hardware, the high availability, maintenance, ...


    Sandrino Di Mattia | Twitter: http://twitter.com/sandrinodm | Azure Blog: http://fabriccontroller.net/blog | Blog: http://sandrinodimattia.net/blog

    Tuesday, March 13, 2012 12:50 PM

All replies